Great videos from Cisco Learning Network
For Spanning Tree Protocol ( 802.1d)
https://learningnetwork.cisco.com/docs/DOC-1755
For Rapid Spanning Tree Protocol ( 802.1w)
January 28, 2010
November 17, 2009
L2VPN/VPLS-Martini and Kompella
Both Martini-draft and Kompella-draft addressed setting up of a Pseudowire emulation over MPLS in order to offer L2VPN services. These drafts were initial efforts to standardise L2VPN services.
Martini draft was named after a former Cisco employee Luca Martini. Martini draft uses LDP as signalling to setup L2VPN over MPLS backbone. The tradeoff of this draft was auto-discovery.
Kompella draft on the other hand uses BGP for both signalling and auto-discovery to establish fully-meshed pseudo wires (multipoint). Kompella-draft is named after author Keerti Kompella (Juniper Employee).
draft-martini and draft-kompella terms are used as labels for the two different L2VPN services methodologies (LDP Vs BGP for signaling). The actual drafts do not exist in IETF.
In dealing with multipoint-fully meshed topologies in edge routers, draft-martini suffered auto-discovery, to overcome aut0-discovery, it suffered configuration overhead. draft-Kompella claimed to be better scalable because of suto-discovery but with complex signalling whereas draft-martini leverages simplicity.
Martini draft was standardized under RFC 4096 . however it has since been superseded by the Pseudowire Emulation Edge to Edge (PWE3) Working Group specifications described in RFC 4447 and related documents. On the other hand draft-kompella is obsolete and was not standardized..
RFC 4664 - Framework for Layer 2 Virtual Private Networks (L2VPN), it describes the framework for L2VPNs (VPWS, VPLS and IPLS). This framework is intended to aid in standardizing protocols and mechanisms to support interoperable L2VPNs. Requirements for L2VPNs can be found in RFC 4665 – Service Requirements for Layer 2 Provider-Provisioned Virtual Private Networks.
All this was consolidated, and the L2VPN Working Group produced two separate documents, RFC 4761 and RFC 4762, both offered VPLS but using different signaling protocols:
Kireeti Kompella and Yakov Rekhter published “Virtual Private LAN Service (VPLS) Using BGP for Auto-discovery and Signaling” RFC 4761 in January 2007.
Marc Lasserre and Vach Kompella published “Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling” RFC 4762 in January 2007.
L2VPN services for many vendors uses RFC 4762 -Martini ( with LDP) as a standard for example Alcatel 7450’s uses RFC 4762 as the standard
November 8, 2009
CCIE notes for GLBP
Gateway load balancing protocol performs similar function to HSRP and VRRP. In both HSRP and VRRP, group of routers participating in first hop-redundancy has one Active and can have multiple Client routers. At one single time, traffic is being passed through Active router, leaving client routers with unused bandwidth. Client routers will only become active once Active router in a group fails. We can create multiple groups and create different active routers but it results in extra administrative burden.
GLBP on the other hand can provide load balancing over multiple routers (gateways) using a Single Virtual IP and multiple Virtual mac-addresses. The bandwidth/traffic load is shared between multiple routers participating in the group rather than being handled by a single active router.
Following are the important points conceptually for GLBP.
- GLBP uses single Virtual IP and multiple mac-addresses to provide first-hop Gateway redundancy.
- In GLBP, there can be four routers/gateways in a group
- Hello messages are used to communicate with in the group destined to 224.0.0.102, udp port 3222 and they will be sent every 3 secs by default.
- initially group members will elect one AVG ( Active Virtual Gateway) and other routers will act as backup AVG’s incase the active AVG fails
- AVG will assign Virtual mac-addresses to other routers, they are known as AVF’s ( Active Virtual Forwarders)
- Each AVF assumes responsibility for forwarding packets sent to Virtual Mac’s assigned by AVG.
- AVG is responsible for answering ARP requests for Virtual IP’s
Configuring GLBP
R2(config-if)#glbp 1 load-balancing ?
host-dependent Load balance equally, source MAC determines forwarder choice
round-robin Load balance equally using each forwarder in turn
weighted Load balance in proportion to forwarder weighting
There are three different types of Load balancing algorithms in GLBP.
Host-Dependent
- The Mac-address of the host is used to determine which AVF’s mac is the host directed towards.
- A given host is guaranteed to use the same Virtual Mac as long as number of VF’s in the GLBP group are constant
- Host dependant GLBP is not recommended in situation where there are small number of hosts, for example, less than 20
Weighted
- GLBP places a weight on each device to calculate the amount of load sharing that will occur through MAC assignment
- Each GLBP router in a group will advertise its weight and AVG will act based on that value
- For example we have two routers, Router A and Router B. If router A has double the bandwidth capacity then router B. Router A will be configured with the double weighting value of router B
Round-Robin
- With Round-robin VF mac-address is used sequentially in ARP replies for the virtual IP
- This is the default type of GLBP algorithm
- It is suitable for any number of hosts.
Steps for configuring GLBP
- enable GLBP with glbp 1 load-balancing
- glbp 1 priority ( Higher is better, default is 100)
- glbp 1 ip x.x.x.x
- glbp 1 preempt < To enable preempt, by default its disabled>
- glbp 1 authentication ( Enabling authentication with in a group)
Verification
Show glbp
October 25, 2009
BGP Regular expressions / Public route-servers
I was looking at some older posts at Groupstudy and Dale posted the link to public route-servers. I agree the best way to practice regular-expressions for CCIE is to use one of the following public route-servers.
From: http://www.cymru.com/Documents/secure-bgp-template.html
route-views.oregon-ix.net
ner-routes.bbnplanet.net
route-server.cerf.net
route-server.ip.att.net
route-server.east.attcanada.com
route-server.west.attcanada.com
route-server.cbbtier3.att.net
route-server.gblx.net
route-server.as5388.net
route-server.savvis.net
route-server.colt.net
route-server.opentransit.net
route-server.gt.ca
public-route-server.is.co.za (South African routes only)
route-server.belwue.de
route-views.on.bb.telus.com
route-views.ab.bb.telus.com
route-server.ip.tiscali.net
route-server.wcg.net
route-server.manilaix.net.ph
route-server.ip.ndsoftware.net
route-server.utah.rep.net
route-server.he.net
zebra.swinog.ch
Just telnet to one of the above route-servers and you can login via guest/anonymous account. There you go and you can use some basic show commands.
October 21, 2009
A Sneak Peek at the v4 CCIE R/S Lab by Wendell
The recently announced changes to the CCIE R/S written and lab exams took effect this week. I recently had the chance to take the R/S lab again, as part of the Beta testing – so I decided to save up some observations and post them around the time the new exam has come out. Today I’ll look at a variety of things about the lab exam, and make another post next week concentrating on the biggest change: The 2-hour troubleshooting section.
You know, the strange thing is that many times over the years, I’ve wondered if they’d let me take the CCIE R/S Lab again – and not take away my CCIE number if I failed. It has certainly changed a lot since I took it back in 1995. I’ve always had the itch to try for another CCIE, but I think I’ve had a cumulative 3-4 weeks in the last 5 years without a book to work on (that’s definitely not a complaint), and it obviously takes more than casual effort to prep for another CCIE lab. And getting a CCIE in your spare time pretty much changes your life until you get it done, and I’ve never wanted another CCIE bad enough to make that sacrifice. But, I just always thought it’d be interesting to sit the lab again. And then Maurilio asked a few of us Cisco Press CCIE authors, plus others I’m sure, to sit the lab and give it a test. And it was fun.
OK, on to stuff you folks might care more about. I came to the exam with several specific items to keep an eye out for – things like the impact of adding a 2-hour troubleshooting section, how the config section would be different now that it’s 5.5 hours instead of 7.5, and the supposedly-dreaded open-ended questions. But the biggest surprise was obvious from the first few minutes of lab time – they changed the user interface of what you see to access the lab, and as a result, there’s no printed lab exercise book. The only paper for the lab is the note paper they give you to write on.
In the old days, you got a lab booklet that you couldn’t write on, but you could do the natural thing and pick up the book to look at the various lab requirements. I believe it’s true that the book had some lab diagrams as well. Now you get a GUI interface from which you can pull up the many different lab diagrams, read the various lab exercises. My gut reaction was that I didn’t like not having a book. After experiencing it, I thought the replacement GUI would have been reasonable if I had had time to practice with it.
The good part of the GUI was that once I was used to it, I could navigate to the next topic for both troubleshooting and config easily. The GUI essentially indexed the main lab exercise tasks, which may be a bit more convenient than flipping pages in a booklet. Once I got used to it (20 minutes maybe), I stopped to ask myself if the user interface itself would slow me down compared to the paper booklet, and I decided that if the small bugs were removed (e.g., no back button on the browser to get to the docs), AND if I had a chance to practice before the lab (so that 20 minute learning curve wasn’t part of the timed test), that it wouldn’t have hurt. Otherwise, call it a 20 minute hit for the day, wild unscientific guess. (I did ask, and as of now, there is no tutorial available before the exam; if it’s your first lab with this interface, you’ll get to learn it concurrent with doing the troubleshooting. I’d suggest asking as many questions as you can about the user interface before starting the timer.)
There were negatives to the GUI, but of course GUIs often have to do with personal preference. In this case, a few of my author friends and I were allowed to discuss amongst ourselves our impressions, and we all agreed that the navigation in the GUI was a bit of a problem. EG, to view a figure, you click, and a window pops, which is fine. However, you can’t minimize the window so that the bigger window behind it, where you access the console windows, is hidden. You can re-size, and move, but not minimize. To see another figure, the figure shows up in the same window, so to view both – like a cabling reference and a different VLAN reference – you have to toggle back and forth, and never see both at once. Then, to see the console term emulator windows, you have to move the figure window to the side, and then drag it back to see it again. No minimize/pop-open toggle like with Windows. Each figure required a different window size/shape to see the whole figure, and all the figures showed up in this one window, so there was no ability to make it the right size and find a good place on the screen for it.
Sorry for the ramble, but I wanted enough detail out to make a point: If I were taking it again to pass, I’d consider drawing a few of the figures for the config section, particularly the LAN layer 2 figure – both cabling and VLANs – on paper before even beginning to configure. (I would do this for the config section, but not for the t’shooting section.)
Next, let me give you some idea on the whole “is it too much” issue.
Most CCIE lab candidates that pass seem to do so with at least a little time to spare, and those that fail often run out of time, or don’t have time to review. So, I came to the test asking myself “if I were truly prepared for the lab, could I have finished on time enough to review my work?” This question has a new twist, now that it’s 3-part: open ended questions, then 2 hours of t’shooting, and then 5.5 hours config. (FYI, I didn’t study except on the flight to Raleigh, and I don’t stay current on everything so I could go fast enough to pass – so I estimated what “well prepared” meant.) The short answer is that I think that the troubleshooting section was attainable for a well-prepared candidate, and maybe a little too much (maybe shave 10% of the tasks to be fair), but the config section was too much by at least 20%. (My buddies co-authors thought roughly the same on config, and maybe that the t’shooting needed to be shaved more than my 10% guesstimate.)
Sitting back contemplating the whole “is it too much” thing, I came to two conclusions:
- 1) It was a Beta, and Cisco needs some experience with specific lab exams to figure out how much is too much. I’m sure they didn’t write all new lab exams, so the trick is to figure out how to compress the former 7.5 hour lab into 5.5 hours. They want you to pass if you know your stuff, and fail if you don’t. They don’t want you to fail if you truly know your stuff but they just gave you too much. From a systematic perspective, I think they’ll get the right mix. (Granted, I’m sure some of you have contradictory experiences on this point!)
- 2) I wonder if Cisco considered that the shrinkage from 7.5 to 5.5 hours on the build section was like removing the final 2 hours – the hours in which you are most familiar with the lab – rather than removing the first two hours. By the end 3rd hour of the build section, I needed the figures less and less. From a sheer mechanics perspective, I worked faster. Call it 3 hours in the config section before I was somewhat comfortable with the topology. With a 5.5 hour build, that splits the unfamiliar/familiar time as 3/2.5 hours. The old 7.5 hours would have given a 3 /4.5 hour split, so it felt like I was losing 2 hours of very productive time.
The next thing I was particularly curious about was the open-ended question section. Frankly, I’m a Dr. Jekyll/Mr. Hyde on this one. Wendell the cert guy looked at my open ended questions, and asked himself: “If I was truly prepared for the lab, would these questions be a problem?” Absolutely not. As a guy who has an interest in seeing Cisco certs thrive, I see the open-ended questions for what Cisco claims them to be – a cheating prevention tool. However, Wendell the imaginary CCIE R/S lab candidate says that the whole idea scares me to death, and may be too unfair to use as a cheating prevention tool. If I had been taking the lab on my nickel for real, rather than just kicking the tires, I would’ve been pysched out by the open-ended questions. You could get an unlucky draw of questions and get sent home. For real CCIE R/S candidates, I think this means that you don’t get ready for 70% of the topics, and go take the lab to experience it – you may not get past the questions. However, from what I saw, and from other discussions, I think if you’re ready for all aspects of the lab, you’ll be ready for the open-ended stuff. It’s just a little scary.
Last thing for today: general difficulty. I tried to imagine myself as a well-prepared candidate, but not over the top – you know, if I took the classes, did labs from a few lab books, read Doyle/Halabi/etc, practiced a lot for speed, then the lab I got was not too difficult. In fact, I did not see a single item that I viewed as a “trick” – no wording that made me do function X using methods no one in their right mind would try. Everything I saw was detailed – it required mastery of a lot of topics – but it was all stuff that you might come across as something you’d really use in the real world. Really. That was a nice surprise. The difficulty level comes from seeing the requirements, mentally putting it all together, deciding what to configure, configuring, t’shooting to make sure it works, and doing that 5X faster than you would have to do in real life. But it was refreshing to not see anything that looked like tricks just to make sure you knew how to make one parm on one command do its thing.
One more note on the difficulty level: I think if you prepared with the traditional tools – books, classes, lab books, lots of hands-on practice, and understood it, that the difficulty level was very fair and reasonable.
OK, that’ it for today. Next time, I’ll look at the Troubleshooting section in particular
October 18, 2009
System MTU / ip ospf mtu-igonore
I was working on OSPF lab and suddenly on my 3560’s I saw a OSPF adjacency errors.
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.10.1 on
FastEthernet0/0 from EXSTART to DOWN, Neighbor Down: Too many
retransmissions
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.10.1 on
FastEthernet0/0 from DOWN to DOWN, Neighbor Down: Ignore timer expired
Suddenly I realized that may be I have MTU issues as I just completed a Q-in Q lab and changed my switch MTU , but to double check
I thought of checking a “debug ip ospf events” … and here it was.
OSPF: Rcv DBD from 192.168.10.1 on
FastEthernet0/0 seq 0×12A6 opt 0×52 flag 0×7 len 32 mtu 1504 state
EXSTART
OSPF: Nbr 192.168.10.1 has larger interface MTU
There are multiple ways to fix this, you can either issue “system mtu 1500″ on switches or use an interface level command on Routers “Ip ospf mtu-ignore” . or the third one will be to change MTU on router interfaces ( Least preferred).
when value is changed, it will not be stored in neither running-config
nor startup-config. On Catalyst 3550, this information is stored in a
separate file on the flash. On Catalyst 3560, you can’t see it, unless
you do “show system mtu”.
“system mtu 1500″ on switches is the default command. Even when value is changed, it will not be stored in running-config or startup-config. On Catalyst 3550, this information is stored in a separate file on the flash. On Catalyst 3560, you can’t see it, unless you do “show system mtu”.
This is one of the well-know gotchas on the actual lab exam.You have to know how to solve this. Hence, when configuring routing protocols on switches, make sure you know what the MTU is.
One important thing to note is that you might break stuff in the lab if you were suppose to configure MTU for q-in q lab and later you changed “System MTU” in your switch to fix OSPF issue.
You can also use system mtu routing 1500 in your switch to fix OSPF issue as this will be only used for routing but for Q-in-Q lab switch MTU will be still used as 1504.
IMHO,Best way to fix this in the lab would be “ip ospf mtu-ignore” under the interface on your router.
MTU has to be the same on both ends of the link before the neighbor can form adjacency.
October 14, 2009
Narbik’s CCIE study tips
Here is the post from Narbik in groupstudy on CCIE studies.
I personally do not agree with time tables, things happen and sometimes we
can not adhere to that time table. You see…everyone has an approach and i
am sure Anthony gives one of the best recommendations, i have heard what he
recommended to some of my students, and i totally respect and agree with his
approach. But the following is mine:
Divide the blueprint into chunks, this is what i did when i was studying for
the lab:
Switching – Let’s say you are doing vendor xyz’s work book, go through the
switching section and do it couple of times, once you are totally
comfortable with all the switching labs from that particular vendor, you
should do the same labs one more time, but this time you will look up every
command in the DOC CD, and go on from command/section by section until you
are totally comfortable with all aspects of switching. This may take 2 weeks
or 3 weeks, DO NOT set a hard time table, setup a comfortable time table,
one that you can repeat without jeopardizing your family life, and other
important things.
GO through the entire blueprint in that manner and summarize what you
learned from a given section/lab, lab it up, remember the three golden
rules: 1) Configure, 2) Verify, and 3) *TEST*.
Let’s say your lab is on Monday, take off the Friday before, get up 6:30 AM
and go through the same routine, Shower, Shave, Sh%$, Shampoo……etc….
7:30 AM start a mock lab, stop 11:30 for 30 minutes lunch and start back at
12:00 and stop the test at 4:30.
Saturday, Sunday you should go through the same process, Monday your body
has adjusted to that routine and it will be just another day, you will be
able to sit and focus for 8 hours without any problems.
and always remember QUALITY BEATS QUANTITY.
Just my 2 cents.
October 5, 2009
Cisco Developers Superstitious? IOS 15.0 ??
Everybody is talking about it. Are cisco developers superstitious? Why did they skipped IOS 13.0 and 14.0? Well, I can’t say why but on the serious note, here is the overview
Cisco IOS Software Release 15.0 follows Release 12.4(24)T. Created for wide deployment in the world’s most demanding enterprise, access, and service provider networks, Cisco IOS Software Release 15.0 provides a comprehensive portfolio of Cisco technologies, functions, and hardware support from Releases 12.4 and 12.4T, anchored by an intensive stability and testing program. Important innovations span multiple technology areas, including security, voice, high availability, IP Routing and Multicast, quality of service (QoS), IP Mobility, Multiprotocol Label Switching (MPLS), VPNs, and Cisco IOS MPLS Embedded Management.
Cisco IOS Software Release 15.0 can help you by providing new feature and hardware support more quickly than in previous Mainline (M) and Technology (T) releases, broadened feature consistency with other major Cisco IOS Software Releases, more predictable new feature release and rebuild schedules, proactive individual release support policies, enhanced release numbering, and clearer software deployment and migration guidelines.
Here is the link to the new features
August 11, 2009
Tunneling Solutions in IPv6
As usual Narbik posted an excellent post on Groupstudy on IPv6 Tunnels. Here it is
*There are 5 tunneling solution in IPv6:*
*1. Using the “Tunnel mode ipv6ip”, in this case the tunnel source and
destination are configured with IPv4 addressing and the tunnel interface is
configured with IPv6. This will use protocol 41. This is used for IPv6/IPv4.
*
R1(config)#int tunnel 1
R1(config-if)#ipv6 address 12:1:12::1/64
R1(config-if)#tunnel source 10.1.12.1
R1(config-if)#tunnel destination 10.1.12.2
R1(config-if)#*tunnel mode ipv6ip*
*2. Using the “Tunnel mode gre ipv6″, in this case the tunnel source and
destination are all configured with IPv6 addressing. This is used for
IPv6/IPv6. *
BB1(config)#int tunnel 1
BB1(config-if)#ipv6 address 121:1:121::111/64
BB1(config-if)#tunnel source 10:1:111::111
BB1(config-if)#tunnel destination 10:1:112::112
BB1(config-if)#*tunnel mode gre ipv6*
*3. In this case, the third type, the tunnel mode is NOT used at all, note
that the tunnel interface is configured with IPv6 and the tunnel source and
destination is configured with IPv4 but no mention of tunnel mode. This
configuration will use protocol 47. This is used for IPv6/IPv4. *
R1(config)#int tunnel 13
R1(config-if)#ipv6 address 13:1:13::1/64
R1(config-if)#tunnel source 10.1.13.1
R1(config-if)#tunnel destination 10.1.13.3
*4. Note in this case a special addressing is assigned to the tunnel
interface which is a concatenation of a reserved IPv6 address of
2002followed by the translated
IPv4 address of a given interface on the router. In this configuration ONLY
the tunnel source address is used and since the tunnel is automatic,
the destination
address is NOT configured. The tunnel mode is set to “Tunnel mode ipv6ip
6to4″. Note the IPv4 address of 10.1.1.1 is translated to 0A.01.01.01 and
once concatenated, it will be “2002:0A01:0101: or 2002:A01:101. This is used
for IPv6/IPv4.*
R1(config)#interface Tunnel14
R1(config-if)#ipv6 address 2002:A01:101::/128
R1(config-if)#tunnel source 10.1.1.1
R1(config-if)#*tunnel mode ipv6ip 6to4*
*5. ISATAP, ISATAP works like 6to4 tunnels, with one major difference, it
uses a special IPv6 address which is formed as follows: *
*In this tunnel mode, the network portion can be any IPv6 address, whereas
in 6to4 it had to start with 2002.*
*Note when the IPv6 address is assigned to the tunnel interface, the
“eui-64″ is used, in this case the host portion of the IPv6 address starts
with “0000.5EFE” and then the rest of the host portion is the translated
IPv4 address of the tunnel’s source IPv4 address. This translation is
performed automatically unlike 6to4. This is used for IPv6/IPv4.*
R4(config)#int tunnel 46
R4(config-if)#ipv6 address 46:1:46::/64 eui-64
R4(config-if)#tunnel source 10.44.44.44
R4(config-if)#*tunnel mode ipv6ip ISATAP*
August 7, 2009
Undocumented IOS commands
Undocumented IOS commands
Here you can find a collection of undocumented (not on Cisco Dokumentation CD or in online help) IOS commands:
- csim
- show interface switching
- show ip ospf statistics
- show ip ospf m
- show ip ospf events
- debug ip ospf monitor
- no service password-recovery
- ttcp
- if-con
- no snmp-server sparse-tables
- who
- show region
- ps -c
- quit
- test aaa group radius
- show snmp
- set option flowcontrol
With the command csim you can emulate a voice call. ItŽs like sombody calls the specified number. Usefull, if you donŽt have physically access to telephone:
Sucessfull call:
wg1r1#csim start 089150
csim: called number = 089150, loop count = 1 ping count = 0
csim err csimDisconnected recvd DISC cid(21)
csim: loop = 1, failed = 1
csim: call attempted = 1, setup failed = 1, tone failed = 0
wg1r1#csim start 089151
csim: called number = 089151, loop count = 1 ping count = 0
csim err:csim_do_test Error peer not found
With show interface switching you can see in detail, which protocols are process, fast or elsewhere switched. ItŽs helpfull for traffic engineering:
wg1r1#sh interfaces switching
Ethernet0/0
Throttle count 0 Drops RP 0 SP 0 SPD Flushes Fast 0 SSE 0 SPD Aggress Fast 0 SPD Priority Inputs 5700 Drops 0 Protocol Path Pkts In Chars In Pkts Out Chars Out Other Process 8821 983982 7806 468360 Cache misses 0 Fast 0 0 0 0 Auton/SSE 0 0 0 0 IP Process 32228 3339712 5786 611402 Cache misses 0 Fast 92667 8980418 133414 189720295 Auton/SSE 0 0 0 0 DEC MOP Process 0 0 130 10010 Cache misses 0 Fast 0 0 0 0 Auton/SSE 0 0 0 0 ARP Process 6440 386380 195 11700 Cache misses 0 Fast 0 0 0 0 Auton/SSE 0 0 0 0 CDP Process 0 0 1302 404922 Cache misses 0 Fast 0 0 0 0 Auton/SSE 0 0 0 0
With show ip ospf statistics you get detail informations about OSPF SPF. You can see the reasons for SPF and the calculation times:
London#show ip ospf statistic
Area 0: SPF algorithm executed 15 times
SPF calculation time
Delta T Intra D-Intra Summ D-Summ Ext D-Ext Total Reason
00:45:02 32 0 0 0 0 0 36 R,
00:41:00 28 0 0 0 0 0 28 R, N,
00:40:50 28 0 0 0 0 0 28 R,
00:38:13 28 0 0 0 4 0 32 R, X
00:34:18 24 0 0 0 4 0 32 R, N,SN,SA,X
00:07:37 24 0 0 0 0 0 36 R,
00:05:18 308 0 4 0 28 0 356 R,
00:04:05 24 0 0 0 4 0 28 R,
00:01:31 24 0 4 0 0 0 36 R,
00:01:21 24 0 0 4 0 0 36 R,
With debug ip ospf monitor you can monitor the OSPF SPF.
London#deb ip ospf monitor
OSPF spf monitoring debugging is on
2d04h: OSPF: 192.168.181.2 address 192.168.181.193 on TokenRing0 is dead, state DOWN
2d04h: OSPF: Schedule SPF in area 0
Change in LS ID 0.0.0.0, LSA type R,
2d04h: OSPF: schedule SPF: spf_time 0ms wait_interval 187489656s
2d04h: %SYS-5-CONFIG_I: Configured from console by console
2d04h: OSPF: Start redist-scanning
2d04h: OSPF: Scan for redistribution
2d04h: OSPF: End scanning, Elapsed time 0ms
2d04h: %LINK-5-CHANGED: Interface TokenRing0, changed state to administratively down
2d04h: OSPF: Begin SPF at 0xB2CF100ms, process time 360ms
2d04h: spf_time 0ms, wait_interval 187489656s
2d04h: OSPF: End SPF at 0xB2CF120ms, Total elapsed time 32ms
2d04h: Intra:24ms, Inter: 0ms, External: 0ms
I found that in 12.0(20) Enterprise that show ip os monitor is not available but show ip os m is. Show ip os events is the undocumented command:
tr-Albany-2#sh ip os monitor
^
% Invalid input detected at ‘^’marker.
Rtr-Albany-2# sh ip os m
AS System 1
Maxage delete timer due in NEVER
Rtr-Albany-2#sh ip os events
1 17844 Timer Exp: if_ack_delayed 0×616DDE08
2 40152 Generic: ospf_redist_callback 0×61735760
3 59800 Timer Exp: if_ack_delayed 0×616DD3C8
4 88664 Timer Exp: if_ack_delayed 0×616DDE08
5 88672 Timer Exp: if_ack_delayed 0×616DD3C8
6 100184 Generic: ospf_redist_callback 0×61735760
7 126576 Timer Exp: if_ack_delayed 0×619621AC
8 160216 Generic: ospf_redist_callback 0×61735760
9 164976 Timer Exp: if_ack_delayed 0×616DDE08
10 189256 Timer Exp: if_ack_delayed 0×616DD3C8
….
90 534184 Timer Exp: nbr_retrans_lsa 0xC0A8E425
91 534184 Timer Exp: nbr_retrans_lsa 0xC0A8FC13
92 534188 Timer Exp: nbr_retrans_lsa 0xC0A8FC04
Rtr-Albany-2#
Many thanks for this command goes to Paul.
Disable Password Recovery or ROM Monitor Access:
#sh run
Building configuration…
Current configuration:
!
Version 12.1
!
no service password-recovery
!
#rel
Proceed with reload? [confirm]
.Feb 9 12:57:24.013: %SYS-5-RELOAD: Reload requested
System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
pressed:
PC = 0xfff0bba8, Vector = 0×500, SP = 0×680127c8
C2600 platform with 49152 Kbytes of main memory
PASSWORD RECOVERY FUNCTIONALITY IS DISABLED
PC = 0xfff14dfc, Vector = 0×500, SP = 0×80004864
PC = 0xfff14e08, Vector = 0×500, SP = 0×80004864
PC = 0xfff14df8, Vector = 0×500, SP = 0×80004374
program load complete, entry point: 0×80008000, size: 0×8b9c04
…
Cisco Internetwork Operating System Software
IOS ™ C2600 Software (C2600-IS-M), Version 12.1(3a)T4, RELEASE SOFTWARE (fc1)
Start a TCP data server/receiver for TCP performance testing between two Cisco 7500 router:
sh ver
Cisco Internetwork Operating System Software
IOS ™ RSP Software (RSP-JSV-M), Version 12.0(7), RELEASE SOFTWARE (fc1)
Router#ttcp
transmit or receive [receive]: transmit
Target IP address: 1.1.1.1
perform tcp half close [n]:
send buflen [8192]:
send nbuf [2048]:
bufalign [16384]:
bufoffset [0]:
port [5001]:
sinkmode [y]:
buffering on writes [y]:
show tcp information at end [n]:
ttcp-t: buflen=8192, nbuf=2048, align=16384/0, port=5001 tcp -> 1.1.1.1
%Connect failed: Destination unreachable; gateway or host down
Router#ttcp
transmit or receive [receive]:
perform tcp half close [n]:
receive buflen [8192]:
bufalign [16384]:
bufoffset [0]:
port [5001]:
sinkmode [y]:
rcvwndsize [4128]:
delayed ACK [y]:
show tcp information at end [n]:
ttcp-r: buflen=8192, align=16384/0, port=5001
rcvwndsize=4128, delayedack=yes tcp
Many thanks for this command goes to Thomas Moyses.
On Cisco 7500 you can connect you to the VIP boards for VIP commands (memory, cpu,etc.)
Router#if-con 2 con
Entering CONSOLE for VIP2 2
Type “^C^C^C” or “if-quit” to end this session
VIP-Slot2>
VIP-Slot2>?
Exec commands:
clear Reset functions
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
exit Exit from the EXEC
help Description of the interactive help system
lock Lock the terminal
login Log in as a particular user
logout Exit from the EXEC
name-connection Name an existing network connection
ping Send echo messages
resume Resume an active network connection
set Set system parameter (not config)
show Show running system information
systat Display information about terminal lines
terminal Set terminal line parameters
traceroute Trace route to destination
where List active connections
VIP-Slot2>en
VIP-Slot2#sh ver
Cisco Internetwork Operating System Software
IOS ™ VIP Software (SVIP-DW-M), Version 12.0(7), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Wed 13-Oct-99 22:05 by phanguye
Image text-base: 0×60010920, data-base: 0×60224000
ROM: System Bootstrap, Version 11.1(11368) [pgreenfi 17], INTERIM SOFTWARE
VIP-Slot2 uptime is 10 minutes
System restarted by power-on
Running default software
cisco VIP2 (R4700) processor (revision 0×02) with 8192K bytes of memory.
Processor board ID 00000000
R4700 processor, Implementation 33, Revision 1.0 (512KB Level 2 Cache)
4 Ethernet/IEEE 802.3 interface(s)
1 FastEthernet/IEEE 802.3 interface(s)
Configuration register is 0×0
VIP-Slot2#?
Exec commands:
cd Change current directory
clear Reset functions
clock Manage the system clock
configure Enter configuration mode
copy Copy from one file to another
debug Debugging functions (see also ‘undebug’)
delete Delete a file
dir List files on a filesystem
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
exit Exit from the EXEC
help Description of the interactive help system
lock Lock the terminal
login Log in as a particular user
logout Exit from the EXEC
more Display the contents of a file
name-connection Name an existing network connection
no Disable debugging functions
ping Send echo messages
pwd Display current working directory
reload Halt and perform a cold restart
resume Resume an active network connection
send Send a message to other tty lines
set Set system parameter (not config)
setup Run the SETUP command facility
show Show running system information
systat Display information about terminal lines
terminal Set terminal line parameters
test Test subsystems, memory, and interfaces
traceroute Trace route to destination
undebug Disable debugging functions (see also ‘debug’)
where List active connections
write Write running configuration to memory, network, or terminal
VIP-Slot2#
Many thanks for this command goes to Thomas Moyses.
Router(config)# no snmp-server sparse-tables
Get the complete SNMP MIB table. On controller interface you get without this command e.g. no out bytes counter. With this commands you get every object with SNMP get-next.
who is a alias for show user.
Router#who
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
1 aux 0 idle 00:01:19
Get more detail IOS informations:
Router#sh region
Region Manager:
Start End Size(b) Class Media Name
0×02700000 0×02FFFFFF 9437184 Iomem R/W iomem
0×60000000 0×60FFFFFF 16777216 Flash R/O flash
0×80000000 0×826FFFFF 40894464 Local R/W main
0×80008088 0×8071A2A3 7414300 IText R/O main:text
0×8071A2A4 0×8097FD93 2513648 IData R/W main:data
0×8097FD94 0×80A4E0CF 844604 IBss R/W main:bss
0×80A4E0D0 0×826FFFFF 30089008 Local R/W main:heap
Many thanks for this command goes to Thomas Moyses.
router> ps -c
Will list the process on the router in a “better” way then show process.
Many thanks for this command goes to Thomas Surber.
leaving a telnet session: normally with “exit” or “ex”.
do this very fast with “q” (quit)
Many thanks for this command goes to Peter Schmid.
test aaa group radius toto titi
To test radius on one router.
CISCO AS5800: This command allow to connect directly to the DSC IOS card from the router Shelf of the
AS5800
dsip con slave “Slot # of the DSC”
ex: dsip con slave 12
Many thanks for this commands goes to Serge Baikoff.
These commands have been found in a Cisco 3640 router using the version 12.1(6). It’s very posible that some of these commands are not avalaible in older versions.
– show ip ftp-username
Show the name of the user configured with the comand “ip ftp username”.
–show ip ftp-password
Display the password configured with the command “ip ftp passwword”
– show ip spd
I don’t know the function of this command, but it looks as folow:
sh ip spd
Current mode: normal.
Queue min/max thresholds: 73/74, Headroom: 100
IP normal queue: 0, priority queue: 0.
SPD special drop mode: none
– show ip ospf timers lsa
Show the ospf lsa timers and its output is:
sh ip ospf timers lsa
OSPF Router with ID (215.224.32.13) (Process ID 1)
Group size 5, Head 0, Search Index 4, Interval 240 sec
Next update due in 00:00:15
Current time 64496
Index 0 Timestamp 64511
Index 1 Timestamp 64768
Index 2 Timestamp 65014
Index 3 Timestamp 65258
Index 4 Timestamp 65509
Failure Head 0, Last 0 LSA group failure logged
– show ip eigrp sia-statistics
I don’t know the meaning of this command. When it’s typed shows no useful information:
sh ip eigrp sia-statistic
Many thanks for this command goes to Atreides.
Here’s some additional hidden cisco IOS command for debugging ATM on a PA-A3. You need to connect to the VIP first and be in enable mode: (I guess this one is double hidden, first the if-con and then the test atmdx)
syntax: test atmdx PAslotnr (0 or 1)
7507#if-con 0
Console or Debug [C]: c
Entering CONSOLE for VIP2 R5K 0
Type “^C^C^C” or “if-quit” to end this session
VIP-Slot0>enable
VIP-Slot0#test atmdx 0
Main:
1 – VC test
2 – Rx SAR
3 – Tx SAR
q – Quit
Select option : 1
Test VC Section:
1 – Show vc
2 – Show vc statistics
3 – Change vc
q – Quit
Select option : 2
Enter vc number or -1 for all : -1
vcd 1: in_pkts 4, in_drops 0, out_pkts 4, out_drops 0
crc32 0, timeout 0, oversized 0
vcd 2: in_pkts 1, in_drops 0, out_pkts 1, out_drops 0
crc32 0, timeout 0, oversized 0
vcd 3: in_pkts 28, in_drops 0, out_pkts 21, out_drops 0
crc32 0, timeout 0, oversized 0
vcd 4: in_pkts 1, in_drops 0, out_pkts 1, out_drops 0
crc32 0, timeout 0, oversized 0
Many thanks for this commands goes to Rogger Schobben.
Tested on 12.22T:
sh snmp host
sh snmp notif
test aaa group policy accounting WORD
test aaa group policy authorization WORD
test aaa group policy authentication WORD
test aaa group priviliges authentication WORD (same for accounting and auth)
In fact there’s a bunch of other stuff you can do behind test aaa group. If you type “a” behind this f.ex., you will also see incomplete command.
Many thanks for this commands goes to Filip Waeytens.
If you are overrunning the buffers on ports, at a Cat6500 enable (global) mode, we can enable flow control between the two ASICs on the 6348 card (HW MSFC2) using the command
set option flowcontrol enable
This should help with the out-discards. It may clear it up and it may not. If it doesn’t, you will need more to either create an etherchannel to the router or move to a higher bandwidth connection. The command set option flowcontrol enable allows the COIL ASIC to pass traffic to the Pinnacle ASIC for buffering assistance when the COIL ASIC is overloaded with traffic.
Many thanks for this commands goes to Renato Vilela de Magalháes.
bgp common-administration
bgp dynamic-med-interval
bgp process-dpa
clear ip eigrp [as] event Clear IP-EIGRP event logs
clear ip eigrp [as] logging Stop IP-EIGRP event logging
config overwrite
debug dialer detailed
debug ip packet … dump Outputs a hex & ASCII dump of the packet’s contents
debug isdn code
debug sanity
if-con attach to a vip console
if-cons
ip forwarding
ip forwarding accounting
ip forwarding accounting adjacency-update
ip forwarding accounting non-recursive
ip forwarding accounting per-prefix
ip forwarding accounting prefix-length
ip forwarding switch
ip forwarding traffic-statistics
ip forwarding traffic-statistics load-interval
ip forwarding traffic-statistics update-rate
ip igmp
ip igmp immediate-leave
ip igmp immediate-leave group-list
ip local-pool
ip ospf-name-lookup
ip slow-converge
ip spd
ip spd mode
ip spd mode aggressive
ip spd queue
ip spd queue max-threshold
ip spd queue min-threshold
memory scan Parity check for 7500 RSPs
modem-mgmt csm debug-rbs
no service password-recovery
service internal
set destination-preference
show alignment
show asp
show caller
show caller ip
show chunk
show chunk summary
show controller vip log
show controller vip tech
show fib
show fib drop
show fib interface
show fib interface detail
show fib interface loopback
show fib interface null
show fib interface statistics
show fib interface vlan
show fib linecard
show fib linecard detail
show fib not-cef-switched
show fib not-fib-switched
show hardware
show idb
show interface statis
show interface switching
show interfaces stat
show interface stat
show interfaces switching
show int switching
show ip eigrp event [as] [start# end#] IP-EIGRP Events
show ip eigrp sia-event [as] [start# end#] IP-EIGRP SIA event
show ip eigrp timers [as] IP-EIGRP Timers
show ip ospf bad-checksum
show ip ospf delete
show ip ospf delete-list
show ip ospf ev
show ip ospf events
show ip ospf maxage
show ip ospf maxage
show ip ospf statistics
show isdn active
show isdn history
show list
show list nonempty
show llc
show media
show media access-lists
show modem mapping
show parity
show parser
show parser links
show parser modes
show parser unresolved
show profile
show profile detail
show profile terse
show refuse-message
show region
show region address
show rsh
show rsh-disable-commands
show rsp
show slip
show slot
show snmp mib
show sum
show timers
snmp-server priority low
test crash makes the router crash
test ipc misc
test mbus power
ttcp
router bgp …
bgp redistribute-internal
Usage:
Redistributing BGP into another protocol only redistributes E-BGP routes. Using this command in the BGP configuration will also redistribute I-BGP routes in the other routing-protocol.
Source:-http://www.uniberg.com/cisco/undocumented/68.html?session=9c97cccb7190a2eb0f1d0c49d40703c3
